Active Information Gathering
DNS (Domain Name System)
DNS (Domain Name System) is a fundamental internet protocol that translates human-readable domain names (e.g., example.com) into numerical IP addresses (e.g., 192.0.2.1). It enables users to access websites and services by converting user-friendly domain names into machine-readable IP addresses, facilitating communication between devices on the internet. DNS plays a crucial role in ensuring efficient and reliable internet connectivity, making it possible for users to access online resources using familiar domain names instead of memorizing complex IP addresses.
A DNS server is a crucial component of the Domain Name System (DNS), responsible for translating human-readable domain names into their corresponding IP addresses. When users request a website or service, the DNS server resolves the domain name to the correct IP, facilitating communication between devices on the internet. DNS servers can be configured as authoritative, handling specific domains, or as recursive, helping clients find IP addresses for any domain they query.
Examples of public DNS servers:
Google Public DNS:
IPv4: 8.8.8.8, 8.8.4.4
IPv6: 2001:4860:4860::8888, 2001:4860:4860::8844
Cloudflare DNS:
IPv4: 1.1.1.1, 1.0.0.1
IPv6: 2606:4700:4700::1111, 2606:4700:4700::1001
OpenDNS (Cisco Umbrella):
IPv4: 208.67.222.222, 208.67.220.220
IPv6: 2620:119:35::35, 2620:119:53::53
DNS Zone Transfers
DNS zone transfers are a mechanism used by secondary DNS servers to synchronize their data with a primary DNS server. During a zone transfer, the primary server sends a copy of the DNS zone's records to the secondary server, ensuring consistent and up-to-date information across multiple servers. However, improper zone transfer configurations can lead to security vulnerabilities, making it essential to set appropriate access controls.
Reference:
DNS Reconnaissance
DNS reconnaissance is the process of gathering information about a domain's DNS infrastructure to identify potential targets and vulnerabilities. It involves querying DNS records to map the network and understand its structure.
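The zone transfer section above says that misconfigured transfers are a security problem and that access controls must be set; the following is an added example, not code from the original page, showing how an operator can verify their own authoritative name server from the wire. It builds a raw DNS AXFR request (QTYPE 252) over TCP with only the standard library, reads the first response message and reports whether the server refused the transfer or handed out records. The server and zone names in `check_zone_transfer` are placeholders you replace with your own; the response messages used in the self-check at the bottom are constructed, not captured.

```python
import os
import socket
import struct

AXFR = 252  # QTYPE for a full zone transfer request (RFC 5936)
RCODE_NAMES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN",
               4: "NOTIMP", 5: "REFUSED", 9: "NOTAUTH"}


def encode_name(name):
    """Encode a domain name in DNS wire format: length-prefixed labels, zero terminator."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"bad label: {label!r}")
        out += struct.pack("!B", len(raw)) + raw
    return out + b"\x00"


def build_axfr_query(zone, txid=0x1234):
    """DNS header (flags=0: standard query, RD clear) + one AXFR/IN question."""
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)
    question = encode_name(zone) + struct.pack("!HH", AXFR, 1)  # QCLASS IN
    return header + question


def parse_header(msg):
    """Split the 12-byte DNS header into its fields."""
    if len(msg) < 12:
        raise ValueError("truncated DNS message")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "qr": bool(flags & 0x8000), "rcode": flags & 0xF,
            "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar}


def classify_axfr_response(hdr, expected_id):
    """'transfer-allowed' means the server started sending zone records:
    that is the misconfiguration the page warns about."""
    if hdr["id"] != expected_id or not hdr["qr"]:
        return "invalid"
    if hdr["rcode"] == 0 and hdr["ancount"] > 0:
        return "transfer-allowed"
    return RCODE_NAMES.get(hdr["rcode"], f"RCODE{hdr['rcode']}")


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed before full DNS message")
        buf += chunk
    return buf


def check_zone_transfer(server, zone, port=53, timeout=5.0):
    """Send one AXFR request over TCP (2-byte length prefix) and classify the first reply."""
    txid = struct.unpack("!H", os.urandom(2))[0]
    query = build_axfr_query(zone, txid)
    with socket.create_connection((server, port), timeout=timeout) as s:
        s.sendall(struct.pack("!H", len(query)) + query)
        (length,) = struct.unpack("!H", _recv_exact(s, 2))
        first = _recv_exact(s, length)
    return classify_axfr_response(parse_header(first), txid)


if __name__ == "__main__":
    # Offline self-check with constructed replies: REFUSED vs. a server that answered.
    refused = struct.pack("!HHHHHH", 0x1234, 0x8005, 1, 0, 0, 0)
    answered = struct.pack("!HHHHHH", 0x1234, 0x8400, 1, 3, 0, 0)
    print(classify_axfr_response(parse_header(refused), 0x1234))   # REFUSED
    print(classify_axfr_response(parse_header(answered), 0x1234))  # transfer-allowed
    # Live use against a server you operate (placeholders):
    # print(check_zone_transfer("ns1.example.internal", "example.internal"))
```

The expected result for a correctly configured server is REFUSED (or NOTAUTH if it is not authoritative for that zone); anything classified as transfer-allowed from an address that is not one of your secondaries means the transfer ACL is too broad. On BIND that ACL is the `allow-transfer` statement, which should list only the secondary servers' addresses (or a TSIG key) rather than `any`.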
Host Discovery
-sn flag in nmap initiates a ping scan to discover live hosts on the network by sending ICMP Echo Requests and listening for ICMP Echo Replies, without performing a full port scan.
Port Scanning
-Pn flag in nmap disables host discovery and assumes the target host(s) are online, bypassing ICMP ping probes and allowing direct scanning of specified ports and services.
-p- flag in nmap initiates a full port scan, probing all 65535 TCP ports on the target host(s) to identify open ports and services.
-p 80 : one port to be scanned.
-p 80,445,21 : multiple ports to be scanned (comma-separated, no spaces).
-p 22-8080 : a range of ports to be scanned.
-F flag in nmap initiates a Fast Scan by probing the top 100 most common TCP ports on the target host(s) to quickly identify active services.
-sU flag in nmap initiates a UDP scan to detect open UDP ports on the target host(s), helping to identify potential services running on those ports.
-sV flag in nmap enables version detection, allowing it to determine the versions of services running on the open ports discovered during the scan.
-O flag in nmap enables operating system detection, allowing it to make educated guesses about the underlying operating system running on the target host(s) based on network fingerprints and responses.
-sC flag in nmap initiates a default script scan, running a set of pre-defined scripts to identify vulnerabilities and gather information on the target host(s) after the port scan.
-A flag in nmap enables aggressive scanning, combining OS detection, version detection, script scanning, and traceroute to comprehensively gather information about the target host(s).
-T4 option in nmap sets the timing template to a reasonably fast scan speed, balancing scan time with the chances of detection by intrusion detection/prevention systems or firewalls.
-oN flag in nmap saves scan results in a human-readable format, while -oX saves results in a structured XML format for further processing with other tools or scripts.
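The -oX option above is described as the format for processing results with other tools; as an added example (not from the original page), here is the kind of script that consumes it. It parses nmap's XML with the standard library, lists open ports with the product and version that -sV reports and the OS guess that -O reports, and compares the open ports against a per-host allow-list so that anything unexpected on your own hosts stands out. The XML below is a constructed sample shaped like real nmap output, not a captured scan, and the allow-list is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample of `nmap -sV -O -oX scan.xml` output (not a real scan).
SAMPLE_NMAP_XML = """<?xml version="1.0" encoding="UTF-8"?>
<nmaprun scanner="nmap" args="nmap -sV -O -oX scan.xml 192.0.2.10" version="7.94">
  <host>
    <status state="up" reason="echo-reply"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="8.9p1"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open" reason="syn-ack"/>
        <service name="http" product="nginx" version="1.18.0"/>
      </port>
      <port protocol="tcp" portid="445">
        <state state="open" reason="syn-ack"/>
        <service name="microsoft-ds"/>
      </port>
      <port protocol="tcp" portid="3306">
        <state state="closed" reason="reset"/>
      </port>
    </ports>
    <os>
      <osmatch name="Linux 5.X" accuracy="96"/>
    </os>
  </host>
</nmaprun>
"""


def parse_nmap_xml(xml_text):
    """Return one dict per (host, port) found in nmap -oX output."""
    root = ET.fromstring(xml_text)
    results = []
    for host in root.findall("host"):
        addr_el = host.find("address[@addrtype='ipv4']")
        if addr_el is None:
            addr_el = host.find("address")  # fall back to IPv6 or MAC entry
        addr = addr_el.get("addr") if addr_el is not None else "?"
        os_el = host.find("os/osmatch")    # present only when -O / -A was used
        os_guess = os_el.get("name") if os_el is not None else None
        for port in host.findall("ports/port"):
            state = port.find("state")
            service = port.find("service")  # filled in by -sV; may be absent
            results.append({
                "host": addr,
                "proto": port.get("protocol"),
                "port": int(port.get("portid")),
                "state": state.get("state") if state is not None else "unknown",
                "service": service.get("name") if service is not None else None,
                "product": service.get("product") if service is not None else None,
                "version": service.get("version") if service is not None else None,
                "os": os_guess,
            })
    return results


def open_ports(results, host=None):
    """Sorted open port numbers, optionally for a single host."""
    return sorted(r["port"] for r in results
                  if r["state"] == "open" and (host is None or r["host"] == host))


def unexpected_open_ports(results, allowed):
    """Open ports missing from the allow-list {host: {port, ...}} (assumed policy)."""
    findings = []
    for r in results:
        if r["state"] == "open" and r["port"] not in allowed.get(r["host"], set()):
            findings.append((r["host"], r["port"], r["service"]))
    return findings


if __name__ == "__main__":
    scan = parse_nmap_xml(SAMPLE_NMAP_XML)
    for r in scan:
        if r["state"] == "open":
            print(f"{r['host']}:{r['port']}/{r['proto']} {r['service']} "
                  f"{r['product'] or ''} {r['version'] or ''} (os: {r['os']})")
    policy = {"192.0.2.10": {22, 80}}  # assumed allow-list for this host
    for host, port, svc in unexpected_open_ports(scan, policy):
        print(f"UNEXPECTED: {host} port {port} ({svc})")
```

Running the same parser over a scheduled scan of your own address range and diffing the open-port list against the previous run is a cheap way to catch a newly exposed service before anyone else does; the XML format stays stable across nmap versions, which is why -oX rather than -oN is the right input for this.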
Hacker's Mantra:
Privacy should not be a luxury good. - Sundar Pichai